2

In my working platform i endedup with a session_destroy problem

function logout()
{

 $_SESSION['id'] = '';
 session_destroy();

}

Here i unset the session id variable with a null value and uses the session_destroy() function to destroy the session.

But the problem is that after logged out from my account, when i press the back button of the browser it shows the status as logged in. Even i can browse through the profile and links of my account.

Thank you

Peace Lover
  • 95
  • 2
  • 10
  • 2
    The manual on `session_destroy()` shows how to completely destroy a session (although yours may be rather a caching problem) – Pekka Sep 26 '11 at 08:15
  • try to use `$_SESSION = array();` instead of the `$_SESSION['id'] = '';` – Sufendy Sep 26 '11 at 08:16
  • May be this thread will help you - http://stackoverflow.com/questions/1037249/how-to-clear-browser-cache-with-php – kv-prajapati Sep 26 '11 at 08:19

4 Answers4

4

you must unset session as well as destroy session to remove it completely from your system.

you can do it with php functions..

session_unset(); or you can use unset($_SESSION);
session_destroy();
Rukmi Patel
  • 2,545
  • 8
  • 26
  • 41
  • You shouldn't use unset($_SESSION) - the PHP manual explicitly says not to. – pwaring Sep 26 '11 at 15:34
  • Caution: Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal. http://www.php.net/manual/en/session.examples.basic.php – Green Mar 02 '12 at 18:29
2

it think you should try using session_unset()

In order to kill the session altogether, like to log the user out, the session id must also be unset.

If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that

<?php
session_start();

$sessionName = session_name();
$sessionCookie = session_get_cookie_params();

session_unset();
session_destroy();

setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'],    $sessionCookie['domain'], $sessionCookie['secure']);
?>
yossi
  • 11,822
  • 27
  • 75
  • 110
0

Try this:

unset($_SESSION);
session_destroy();
session_regenerate_id();
Scoutman
  • 1,540
  • 10
  • 19
  • Caution: Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal. http://www.php.net/manual/en/session.examples.basic.php – Green Mar 02 '12 at 18:28
0

Instead of rolling your own session code and possibly missing something, try using Zend_Session:

http://framework.zend.com/manual/en/zend.session.html

The constructor of Zend_Session_Namespace will automatically call session_start(), and likewise the Zend_Session::destroy() method will clean everything up in a logout script. Most of the work has already been done for you.

pwaring
  • 2,932
  • 7
  • 27
  • 45